How to add Application security group to private endpoint with terraform?

Hi,
How to add Application security group to private endpoint with terraform?
I have my private endpoint in Azure.
I created an ASG and I want to associate this ASG with the private endpoint.
thanks


I have a similar question. I have created a Private Endpoint using Terraform, but when I try to assign its NIC to ASG as a separate step, I get an error:

resource "azurerm_network_interface_application_security_group_association" "this" {
  for_each = { for pe in var.endpoints : pe.name => pe }

  network_interface_id          = azurerm_private_endpoint.this[each.key].network_interface[0].id
  application_security_group_id = azurerm_application_security_group.this.id
}

The error I get is the following:

Failure sending request: StatusCode=400 – Original Error: Code=“CannotModifyNicAttachedToPrivateEndpoint” Message=“Network interface /subscriptions/2fd588c2-ba77-4dde-b8d0-d9093b711a6c/resourceGroups/rg-intl-sandbox-connectivity-euw-mdr-exxe/providers/Microsoft.Network/networkInterfaces/pe-intl-sandbox-connectivity-euw-mdr-exxe-s.nic.eec9cb61-ef1a-4d19-bfdf-12cd0e9b884e is linked to a private endpoint /subscriptions/2fd588c2-ba77-4dde-b8d0-d9093b711a6c/resourceGroups/rg-intl-sandbox-connectivity-euw-mdr-exxe/providers/Microsoft.Network/privateEndpoints/pe-intl-sandbox-connectivity-euw-mdr-exxe-sqldb. It can not be modified by user.”

Clearly the Private Endpoint NIC cannot be modified post-creation, but the Terraform AzureRM module lacks ASG support. Is this because this feature is still in Preview, or is there another reason? Thanks

Just FYI, it does work if the ASG is assigned via the Azure Portal UI (post PE creation). Not sure why it doesn't work via TF.
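As an added example (not code from either poster), the association can be expressed at the private-endpoint level rather than against the platform-managed NIC, assuming an azurerm provider version that ships the azurerm_private_endpoint_application_security_group_association resource; every name and input below is a placeholder:

```hcl
# Added example; assumes the azurerm provider is recent enough to ship the
# azurerm_private_endpoint_application_security_group_association resource
# (assumed: 3.39 and later). All names and inputs below are placeholders.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location"            { type = string }
variable "subnet_id"           { type = string }

variable "endpoints" {
  # Constructed input shape: one private endpoint per target PaaS resource.
  type = list(object({
    name               = string
    target_resource_id = string
    subresource_names  = list(string)
  }))
}

resource "azurerm_application_security_group" "this" {
  name                = "asg-private-endpoints"
  location            = var.location
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_endpoint" "this" {
  for_each            = { for pe in var.endpoints : pe.name => pe }
  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "${each.key}-psc"
    private_connection_resource_id = each.value.target_resource_id
    subresource_names              = each.value.subresource_names
    is_manual_connection           = false
  }
}

# Bind the ASG at the private-endpoint level. The platform-managed NIC is never
# touched, which is what azurerm_network_interface_application_security_group_association
# tried to do and was rejected with CannotModifyNicAttachedToPrivateEndpoint.
resource "azurerm_private_endpoint_application_security_group_association" "this" {
  for_each                      = azurerm_private_endpoint.this
  private_endpoint_id           = each.value.id
  application_security_group_id = azurerm_application_security_group.this.id
}
```

Once the ASG is attached, NSG rules on the subnet can name the ASG as a destination instead of tracking each endpoint's private IP.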